Stop generating certificate requests for disabled networks
The certificate requests created based on ApacheNetworks require fqdn_NETWORK to be set. The will only be defined for the networks that are enabled for the current role. Currently requests are generated for all networks. This happens to work for the Controller role as all networks are enabled. However it fails on DCN compute nodes that are not on the external network (they use apache for local glance-api services). Change-Id: I05ba5fb48c617a5bbedebb8b74c23bec9abf3bbd
This commit is contained in:
parent
d9fabc20ed
commit
4e3d900942
@ -72,10 +72,13 @@ resources:
|
||||
# NOTE(xek) Get unique network names to create certificates.
|
||||
# We skip the tenant and management network (vip != false)
|
||||
# since we don't generate certificates for those.
|
||||
{%- for role in roles %}
|
||||
{{ role.name }}:
|
||||
- ctlplane
|
||||
{%- for network in networks if network.enabled|default(true) and network.vip|default(false) %}
|
||||
{%- for network in networks if network.name in role.networks and network.enabled|default(true) and network.vip|default(false) %}
|
||||
- {{network.name_lower}}
|
||||
{%- endfor %}
|
||||
{%- endfor %}
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
@ -119,7 +122,7 @@ outputs:
|
||||
service_certificate: '/etc/pki/tls/certs/httpd/httpd-NETWORK.crt'
|
||||
service_key: '/etc/pki/tls/private/httpd/httpd-NETWORK.key'
|
||||
for_each:
|
||||
NETWORK: {get_attr: [ApacheNetworks, value]}
|
||||
NETWORK: {get_attr: [ApacheNetworks, value, { get_param: RoleName }]}
|
||||
metadata_settings:
|
||||
if:
|
||||
- {get_param: EnableInternalTLS}
|
||||
@ -129,7 +132,7 @@ outputs:
|
||||
network: $NETWORK
|
||||
type: node
|
||||
for_each:
|
||||
$NETWORK: {get_attr: [ApacheNetworks, value]}
|
||||
$NETWORK: {get_attr: [ApacheNetworks, value, { get_param: RoleName }]}
|
||||
upgrade_tasks: []
|
||||
deploy_steps_tasks:
|
||||
- name: Certificate generation
|
||||
@ -167,4 +170,4 @@ outputs:
|
||||
- {get_param: CertificateKeySize}
|
||||
ca: ipa
|
||||
for_each:
|
||||
NETWORK: {get_attr: [ApacheNetworks, value]}
|
||||
NETWORK: {get_attr: [ApacheNetworks, value, { get_param: RoleName }]}
|
||||
|
Loading…
Reference in New Issue
Block a user